Google Cloud Platform Flaw Earns Researcher $5,000

Google has paid out $5,000 to a bug bounty hunter who discovered a serious vulnerability in the Google Cloud Platform.

Germany-based researcher Patrik Fehrenbach discovered that the Google Cloud Platform Console was plagued by a stored cross-site scripting (XSS) flaw.

The expert had signed up for a free 60-day trial on Google’s cloud platform and started testing all fields for XSS vulnerabilities. None of the payloads were triggered until two months later when Fehrenbach received a message from Google informing him that his trial period was ending.

In order to avoid charges, the researcher deleted his project, which was named “> . That was when the XSS payload was triggered because Google had not filtered the content of the error message displayed when a project is canceled.

“For those unfamiliar, and the knowledge hungry, here’s how the payload gets reflected in the content of the site: the first quote and angle bracket,’>’ close the preceding HTML tag which allowed my injected

Last month, the search giant awarded a researcher $12,500 after he discovered several vulnerabilities in the Google account recovery process that could have been exploited to change users’ passwords. The exploit chain started with an XSS flaw on google.com, for which the reporter earned $5,000.
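The Cloud Console flaw described above, where a stored project name was echoed into an error message without filtering and a leading quote and angle bracket closed the preceding tag, can be reproduced and tested for in a few lines. This is an added example, not code from Google or the researcher; the error template, the function names and the sample project name are constructed assumptions.

```javascript
// Added illustration. The error template, function names and sample values
// are assumptions; they are not taken from the Cloud Console.
// Vulnerable: stored project name concatenated into an attribute and a text node.
function renderDeleteErrorUnsafe(projectName) {
  return '<div class="error" data-project="' + projectName + '">' +
    'Could not delete project ' + projectName + '</div>';
}

// Encode the five characters that can end an attribute value or start a tag.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Hardened: same template, value encoded at output time.
function renderDeleteErrorSafe(projectName) {
  const safe = escapeHtml(projectName);
  return '<div class="error" data-project="' + safe + '">' +
    'Could not delete project ' + safe + '</div>';
}

// List the start tags in a fragment, honouring quoted attribute values, so a
// regression test can tell whether user data changed the markup structure.
function startTags(html) {
  const tags = [];
  let i = 0;
  while (i < html.length) {
    if (html[i] !== '<' || !/[a-zA-Z]/.test(html[i + 1] || '')) { i++; continue; }
    let j = i + 1;
    while (j < html.length && /[a-zA-Z0-9]/.test(html[j])) j++;
    tags.push(html.slice(i + 1, j).toLowerCase());
    let quote = null;
    for (; j < html.length && (quote || html[j] !== '>'); j++) {
      if (html[j] === quote) quote = null;
      else if (!quote && (html[j] === '"' || html[j] === "'")) quote = html[j];
    }
    i = j + 1;
  }
  return tags;
}

// True when rendering `name` yields elements the template itself never emits.
function breaksOutOfTemplate(render, name) {
  return startTags(render(name)).join(',') !== startTags(render('baseline')).join(',');
}

// Constructed, script-free sample: a quote and angle bracket, then a harmless tag.
const SAMPLE_NAME = '"><b>injected</b>';
console.log(breaksOutOfTemplate(renderDeleteErrorUnsafe, SAMPLE_NAME), breaksOutOfTemplate(renderDeleteErrorSafe, SAMPLE_NAME));
```

Running a check like `breaksOutOfTemplate` over every user-editable field, including rarely shown paths such as deletion and error messages, covers the kind of delayed trigger reported here.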
